Postfix, CAfile and Macports

Johannes Kastl mail at ojkastl.de
Wed Jan 25 21:19:59 UTC 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

after Daniel told me the right way to get to the logs, I tried to
setup postfix to forward local mails via a relayhost.

Postfix is installed with +pcre+sasl+smtputf8+tls, so basically
sending via tls and authenticating to the relayhost should work.

But: I can't get postfix to accept the servers certificate, no
matter which smtp_tls_CAfile I set. I tried the one from
curl-ca-bundle, the one from python, I also copied over a working
one from Linux. But postfix seems to ignore it. I always get:

> certificate verification failed for
> mail.your-server.de[78.46.5.205]:25: untrusted issuer
> /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

and later:
... status=deferred (Server certificate not trusted)

I also downloaded the root certificates and tried them, but no
change. I downloaded the certificate chain via openssl, but again:
no change.

Is postfix ignoring the settings because of some OSX specialty? Or
is this some misconfiguration on my side, that is only apprent on
OSX and not on 30+ linux machines running postfix 3.x?

Thanks again,
Johannes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/

iEYEARECAAYFAliJFn8ACgkQzi3gQ/xETbLbcwCfS+TF1MqmWMDUOO8x69nuR5kx
LJUAnjjJBy0tYE/24KorWy2c4V5gR5WM
=dPZ2
-----END PGP SIGNATURE-----



More information about the macports-dev mailing list